kafka.security.auth.Operation Java Examples

The following examples show how to use kafka.security.auth.Operation. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: RangerKafkaAuthorizer.java    From ranger with Apache License 2.0 6 votes vote down vote up
@Override
public boolean authorize(Session session, Operation operation,Resource resource) {	
	if(LOG.isDebugEnabled()) {
		LOG.debug(String.format("==> RangerKafkaAuthorizer.authorize(Session=%s, Operation=%s, Resource=%s)", session, operation, resource));
	}

	boolean ret = false;
	
	try {
		activatePluginClassLoader();

		ret = rangerKakfaAuthorizerImpl.authorize(session, operation, resource);
	} finally {
		deactivatePluginClassLoader();
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerKafkaAuthorizer.authorize: " + ret);
	}
	
	return ret;
}
 
Example #2
Source File: KeycloakRBACAuthorizer.java    From strimzi-kafka-oauth with Apache License 2.0 5 votes vote down vote up
boolean delegateIfRequested(RequestChannel.Session session, Operation operation, Resource resource, JsonNode authz) {
    String nonAuthMessageFragment = session.principal() instanceof JwtKafkaPrincipal ? "" : " non-oauth";
    if (delegateToKafkaACL) {
        boolean granted = super.authorize(session, operation, resource);

        boolean grantLogOn = granted && GRANT_LOG.isDebugEnabled();
        boolean denyLogOn = !granted && DENY_LOG.isDebugEnabled();

        if (grantLogOn || denyLogOn) {
            String status = granted ? "GRANTED" : "DENIED";
            String message = "Authorization " + status + " by ACL -" + nonAuthMessageFragment + " user: " + session.principal() + ", operation: " + operation + ", resource: " + resource;

            if (grantLogOn) {
                GRANT_LOG.debug(message);
            } else if (denyLogOn) {
                DENY_LOG.debug(message);
            }
        }
        return granted;
    }

    if (DENY_LOG.isDebugEnabled()) {
        DENY_LOG.debug("Authorization DENIED -" + nonAuthMessageFragment + " user: " + session.principal() +
                ", cluster: " + clusterName + ", operation: " + operation + ", resource: " + resource + ",\n permissions: " + authz);
    }
    return false;
}
 
Example #3
Source File: SentryKafkaAuthorizer.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
@Override
  public boolean authorize(RequestChannel.Session session, Operation operation,
                           Resource resource) {
    LOG.debug("Authorizing Session: " + session + " for Operation: " + operation + " on Resource: " + resource);
    final KafkaPrincipal user = session.principal();
    if (isSuperUser(user)) {
      LOG.debug("Allowing SuperUser: " + user + " in " + session + " for Operation: " + operation + " on Resource: " + resource);
      return true;
    }
    LOG.debug("User: " + user + " is not a SuperUser");
    return binding.authorize(session, operation, resource);
}
 
Example #4
Source File: KafkaAuthBinding.java    From incubator-sentry with Apache License 2.0 4 votes vote down vote up
/**
 * Authorize access to a Kafka privilege
 */
public boolean authorize(RequestChannel.Session session, Operation operation, Resource resource) {
    List<Authorizable> authorizables = ConvertUtil.convertResourceToAuthorizable(session.clientAddress().getHostAddress(), resource);
    Set<KafkaAction> actions = Sets.newHashSet(actionFactory.getActionByName(operation.name()));
    return authProvider.hasAccess(new Subject(getName(session)), authorizables, actions, ActiveRoleSet.ALL);
}